WinHex v13.9
March 28, 2007
WinHex is in its core a universal hexadecimal editor, particularly helpful in
the realm of computer forensics, data recovery, low-level data processing, and
IT security. An advanced tool for everyday and emergency use: inspect and edit
all kinds of files, recover deleted files or lost data from hard drives with
corrupt file systems or from digital camera cards. Features include:
Drive cloning, drive imaging
to produce exact duplicates of disks/drives, e.g. to save the time for a full
installation of the operating system and other software for several
computers/disks of the same type, or to be able to restore a running
installation in case of data loss/screwed up Windows (restoration of a backup).
Also for computer forensics specialists, since they need to work on a copy when
searching for evidence on the object disk. You can clone directly, or from an
image file. Menu: Tools | Disk Tools | Clone Disk
RAM editor
e.g. for debugging purposes (programming), for examining/manipulating any
running program and in particular computer games (cheating). Tools | RAM Editor
Analyzing files
e.g. to determine the type of data recovered as lost cluster chains by ScanDisk
or chkdsk.
Wiping confidential files or disks
...so no one (not even computer forensics specialists) will be able to retrieve
them. To securely erase a file, use File Manager | Delete Irreversibly. For disk
wiping, open the disk with the disk editor and use Edit | Fill Disk Sectors.
E.g. fill with zero bytes (hexadecimal value 00) or random bytes.
WinHex works in accordance with the standard outlined in DoD 5220.22-M (for
details, please see
this white paper).
Wiping unused space and slack space
...either to close security leaks, to securely destroy previously existing
classified files that have been deleted in the traditional way only, or to
minimize the size of your disk backups (like WinHex backups or Norton Ghost
backups), since initialized space can be compressed 99%. On NTFS drives, WinHex
will even offer to wipe all currently unused $Mft (Master File Table) file
records, as they may still contain names and fragments of files previously
stored in them. File slack can be found in the unused end of the last cluster
allocated to a file, which usually contains traces of previously existing files.
Slack space - like everything else - is processed by WinHex very fast.
ASCII - EBCDIC conversion
Lets you exchange text between mainframe computers and the PC in both
directions. You may even tailor the character translation table in WinHex
(ebcdic.dat) for your own needs. Edit | Convert
Binary, Hex ASCII, Intel Hex, and Motorola S conversion
e.g. for (E)PROM programmers. Edit | Convert
Unifying and dividing odd and even bytes/words
for (E)PROM programmers. File Manager | Unify/Dissect
Splitting files that do not fit on a disk
File Manager | Split/Concatenate
WinHex as a reconnaissance and learning tool
Are you sure Microsoft Word really discards previous states of your document?
You may be surprised to find text deleted long ago in your .doc files. Maybe
text that you really do not wish to be seen by the person you are going to pass
the .doc file to? Discover what various software programs save in their files.
Study unknown file formats and learn how they work. Investigate e.g. how
executable files are structured and how they are loaded in RAM. The
possibilities are practically unlimited. Here is another important one:
Finding interesting values (e.g. the number of lives, ammunition, etc.) in saved game files
using the Combined Search or using the File Comparison utility, for later
manipulation
Manipulating saved game files
for any computer game, following existing instructions from cheat sites on the
Internet or for developing your own cheats.
Manipulating text
...that one is not supposed to edit, e.g. in binary files. It is not convenient,
but possible to translate practically any software into another language by
editing text in the executable files, e.g. if the source code is not available
(e.g. lost). Or you would like to edit text in files of a certain binary type
that the native application does not let you modify. For instance, programmers
may find their compiler automatically creates a configuration file for their
project whose filename (application name + .cfg) conflicts with a file their own
software uses. If your local laws and the license permit that, edit the
compiler's executable file such that it works without problems (e.g. with the
filename extension “.cnf”).
Viewing and manipulating files that usually cannot be edited
because they are protected by Windows (e.g. the swap file, temporary files of
Internet Explorer), using the disk editor. Tools | Disk Editor
Viewing, editing, and repairing system areas
such as the Master Boot Record with its partition table and boot sectors.
Tools | Disk Editor | Access button
Hiding data or discovering hidden data
...e.g. behind the supposed end of .jpg files (steganography), or in unused
parts of logical drives or physical disks. WinHex specifically supports access
to surplus sectors that are not in use by the operating system because they do
not add up to an entire cluster or cylinder.
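
A check for the first case above, data stored behind the supposed end of a .jpg file, as an added example that is not part of WinHex or of the original page. It walks the JPEG marker structure to find the real end-of-image marker instead of searching for the first FF D9, which can sit inside an embedded thumbnail; the function names and the sample bytes are assumptions made for this illustration.

```python
import struct

def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the real EOI marker, found by walking JPEG segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: the image ends here
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                            # stand-alone marker, no length
        else:
            if pos + 4 > len(data):
                break
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            pos += 2 + length                   # skips embedded thumbnails too
            if marker == 0xDA:                  # SOS: entropy-coded data follows
                pos = _skip_scan(data, pos)
    raise ValueError("truncated JPEG: no EOI marker")

def _skip_scan(data: bytes, pos: int) -> int:
    """Advance to the next real marker; FF00 and RSTn belong to the scan."""
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
            break
        pos += 1
    return pos

def trailing_data(data: bytes) -> bytes:
    """Bytes stored behind the supposed end of the image (empty if none)."""
    return data[jpeg_end_offset(data):]

def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample (marker structure only, not a decodable picture): an APP1
# segment holding a thumbnail with its own EOI, one scan, EOI, appended bytes.
SAMPLE = (b"\xff\xd8" + _segment(0xE1, b"Exif\x00\x00\xff\xd8thumb\xff\xd9")
          + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
          + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9" + b"hidden note")
```

Call `trailing_data()` on the bytes of a file under examination. A non-empty result is a lead, not proof of hiding, since some cameras and editors append their own data after the end-of-image marker.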
Copy & Paste
Use copy & paste or copy & write (=overwrite) with files, disks, and RAM. You
may freely copy from a disk and write the clipboard contents to a disk, without
regard to sector boundaries!
Unlimited Undo
When editing, reverse any of your steps. Only restricted by available disk
space. Edit | Undo
Jump back and forward
WinHex keeps a history of your offset jumps, and lets you go back and forward in
the chain, like an Internet browser does. Position | Back/Forward
Scripting
Automated file editing using scripts, to accelerate recurring routine tasks or
to carry out certain tasks on unattended remote computers. The ability to
execute scripts other than the supplied sample scripts is limited to owners of a
professional license. Scripts can be run from the Start Center or the command
line. While a script is executed, you may press Esc to abort. With its wider
range of application, scripting supersedes the Routine feature known from
previous WinHex versions. Find out more about scripts in the program help.
API (Application Programming Interface)
Professional users may also make good use of WinHex' advanced capabilities in
their own programs written in Delphi, C/C++, or Visual Basic. The WinHex API
provides a convenient interface for random access to files and disks (at the
sector level). The provided functions are similar to the scripting commands.
Data recovery
for erroneously deleted files or generally after a loss of data.
Can be done manually or automatically. There is an automatic recovery mode for
FAT12, FAT16, FAT32, and NTFS drives called “File Recovery by Name” that simply
requires you to specify one or more file masks (like *.gif, John*.doc, etc.).
WinHex will do the rest. Via the Access button menu, a recovery mechanism is
available for FAT drives which re-creates entire nested directory structures.
Supported file types: jpg, png, gif, tif, bmp, dwg, psd,
rtf, xml, html, eml, dbx, xls/doc, mdb, wpd, eps/ps, pdf, qdf, pwl, zip, rar,
wav, avi, ram, rm, mpg, mpg, mov, asf, mid. In particular owners of digital
cameras quite often encounter problems with their media. WinHex is likely to
help with this automated function that makes good use of the existence of file
headers (characteristic signatures at the beginning of a file).
Tools | Disk Tools | File Retrieval
Computer examination/forensics
WinHex is an invaluable tool in the hands of computer investigative specialists
in private enterprise and law enforcement.
Trusted download (a security issue)
When transferring unclassified material from a classified hard disk drive to
unclassified media, you need to be certain that a copied file will have no
extraneous information in any cluster or sector “overhang” spuriously copied
along with the actual file, since this slack space may still contain classified
data from a time when it was allocated to a different file. The command
Tools | Copy exactly copies the file in its current size, no entire sectors or
clusters. Not one byte beyond the end of the file will be copied to the
destination disk. Minimize your IT risks. Requires a specialist license.
128-bit encryption
to make files unreadable by others. Edit | Convert
Checksum/digest calculation
to make sure a file is not corrupt and was not manipulated, or to identify
common known files. Tools | Calculate Hash.
Generating pseudo-random data
for various (e.g. scientific simulation) purposes. Edit | Fill File
and many more specific tasks